Re: [PHP] Firefox ABOUT: parameters list
Alessandro Rosa a écrit : how can one know which are all the parameters one can type after about: in Firefox 1.0.4 ? By asking Google? http://www.google.com/search?q=about+urls+in+mozilla+site%3Amozillazine.org about:config about:plugins He would tell you [1] about about:mozilla about:cache etc Ch. [1] About protocol links http://kb.mozillazine.org/About_Protocol_Links -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [Fwd: Re: Re: [PHP] Re: Re: Re: __get() not reentrant?]
Jochem Maas a écrit : if someone with access to the webserver hosting jnsolutions.co.uk could do a quick rm -rf /home/jnsoluti/.autorespond that would be great :-) To that someone, here's the admin URL (cPanel 9) if you forgot it :) http://jnsolutions.co.uk:2082/ Ch. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Free penetration test
Andy Pieters a écrit : I am looking at where I can get my system tested for penetration. Probably on the world wild web :-) More seriously, there are companies doing that, but it can be expensive. http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/ It is actually a kind of CMS system so if someone gets in, create a page with the cms as proof. You'll get only a few basic checks if you give only that URL. Ex: check if special input dont lead to usefull display of errors, or if .htaccess can't be simply retreived, etc To get a better sense of security, it's best to show the code (or at least the relevant parts) : Security through obscurity isnt the best idea, as you probably know. Of course, if you can't provide the code for various reasons, you can audit the code yourself, after reading some documentation about (PHP) security. Some links below can help you. Christophe PHP Manual -- IV. Security http://www.php.net/manual/en/security.php PHP Security Guide http://phpsec.org/projects/guide/ PHPSec Library http://phpsec.org/library/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error checking
Michael Satterwhite a écrit : in /etc/php4/apache, I have the setting I guess you mean /etc/php4/apache/php.ini error_reporting = E_ALL ~E_NOTICE You'll get all errors but warnings (ex unused var). What you want is error_reporting = E_ALL Ch. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Command-line php in debian/woody
Robert S a écrit : I am running a Woody server. I'd like to run php scripts from the command line, but I note that the php/php4 executable is not in my PATH. just install php4-cgi package (apt-get install php4-cgi) and the PHP 4 CLI will be install : /usr/bin/php4 Next time, try to use 'apt-cache search foo' or packages.debian.org to find it yourself have tried to do that. I note that php isn't available in the backports. If you need more recent LAMP stuff on Woody (ex php5) add these lines in your /etc/apt/sources.list: deb http://packages.dotdeb.org ./ deb-src http://sources.dotdeb.org ./ This will use recent Debian packages (backported for Woody) from http://dotdeb.org/ They got a server crash without backups, but the packages are there, and it seems the server will be up again soon Is there any sort of workaround (short of upgrading the whole system to sarge, which I don't want to do)? Debian testing (currently Sarge) dont have security support. So either stick with woody (perhaps with backported packages) -- esp if you're on a production server or choose the DIY (do it yourself) way... -- ie 'manual' compilation, trouble and upgrades :p Ch. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: inserting arabic into mysql
Jason Barnett a crit : trying to store data in MySQL in an unsupported encoding format. MySQL only supports the UTF-8 encoding (of Unicode) since MySQL 4.1 IIRC Ch. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] GET vs POST (was: Preventing data from being reposted?)
Richard Lynch a écrit : POST versus GET is an aesthetic choice, not Security, not Performance. Of course, I agree it's not really a 'security' choice. But another think you can think of can be found in the HTTP/1.1 spec (rfc 2616) in the 'Safe Methods' section [1]. To summarize: - GET (and HEAD) should only retreive things, with no side effect - POST (and others) means taking action (with side effects) It's 'sould', not 'must' or 'must not'. Anyway, I think its worth a few seconds to think about it. Christophe From [1] : 9.1.1 Safe Methods Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others. In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered safe. This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested. Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them. [1] 9.1.1 Safe Methods (pg 51) ftp://ftp.rfc-editor.org/in-notes/rfc2616.txt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Webmail and mime
Emil a écrit : I'm creating a webmail interface for a pop3-server Why not use one of the many webmail apps? Ex written in PHP/Perl, with no particular order: Neomail http://neocodesolutions.com/software/neomail/ Openwebmail http://openwebmail.org/ IMP (horde) http://horde.org/imp/ IlohaMail http://ilohamail.org/ SquirrelMail http://www.squirrelmail.org/ Ch. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password Protection] -- My solution
Mailit, LLC a écrit : $userName = $_POST[userName]; $passw= $_POST[passw]; (...) $cmd = SELECT * FROM theTable . WHERE userName='$userName' ; $res = mysql_query( $cmd ) or die( Password search failed. ); Without validating userName in $_POST, that code is vulnerable to SQL injection, by example if userName starts by a single quote... See the PHP Security Guide on 'SQL Injection' http://phpsec.org/projects/guide/3.html#3.2 $passe = crypt( $passw, $rec[ePass] ); if( $passe == $rec[ePass] ) I seems that the above vulnerability cant be exploited, but I think it's better to be aware of it. Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mail, CRLF, RFCs, MTAs, Windows and Unix [long]
I dont know if it's the right place to post, but anyway... (Sorry for the cross-post.) I think the doc for the mail function [1] should be improved, after reading bug 15841 [2], mail.c [3], skim some RFCs, and after I had different problems with PHP mail() Basicaly, the doc says to use - \n in body - \r\n in extra headers As far as I understand the matter: - SMTP requires \r\n : cfr RFCs (ex 822, 2822) - Under windows, PHP mail directly uses socket and SMTP - Under *nix, PHP mail uses \n to send subject, to, etc [3] to the sendmail/postfix/qmail binary (ok, *nix eol is \n), then the MTA uses translate this to SMTP with \r\n (adding \r to standalone \n if needed) -- ok, RFC want \r\n Which basicaly means - Under windows (SMTP, so \r\n) use \r\n for body (doc says \n) : doc KO use \r\n for mail headers (doc says \r\n) : doc ok - Under *nix (local sendmail and eol, so \n, not SMTP) use \n for body (doc says \n) : doc ok use \n for mail headers (doc says \r\n) : doc KO So, the doc is sometimes correct, sometimes not, and it leads to problems (portability, ignored headers, etc). I think correct behaviour is - windows (direct SMTP): use \r\n for headers and body - *nix (local eol, then SMTP): use \n for headers and body At least, it seems Postfix works that way, perhaps Qmail too (I dont know for other MTAs) My question is twofold (three?) 1. Am I right about that 'correct behaviour' or do I miss something? 2. If I am, could the doc be improved and explain that? Ex doc says Some poor quality Unix mail transfer agents replace LF by CRLF but \n is unix end of line, PHP src code use \n itself [3], and MTA must speak SMTP and use \r\n, so conversion seems required. -- I guess 3 is not a very good idea 3. use \n everywhere, php will automagically s#\n#\r\n# on windows only. this would add portability between *nix and windows Christophe PS Below is an example of problem I had. If I follow current mail() doc on my Linux server, ie using \n for body (ok) and \r\n for headers (ko), something like this will fail: $headers = From: [EMAIL PROTECTED]: [EMAIL PROTECTED]; $body = Hello\nWorld; Postfix (which uses \n for local *nix delivery [4]) generates headers with \n for standard headers and \r\n for extra headers, which break RFCs and cause many mail clients to see part of the headers as part of the body (really ugly): To: [EMAIL PROTECTED] Subject: foo bar\n From: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] X-Mailer: efg\r\n Which some mail clients (thunderbird and others) see as To: [EMAIL PROTECTED] Subject: foo bar\r\n From: [EMAIL PROTECTED]-- headers break here Cc: [EMAIL PROTECTED] X-Mailer: efg\r\r\n [1] PHP manual : mail() http://www.php.net/manual/en/function.mail.php [2] PHP Bug 15841 http://bugs.php.net/bug.php?id=15841 [3] PHP src : mail.c http://cvs.php.net/php-src/ext/standard/mail.c [4] Subject: Re: CRLF vs. LF (From: Wietse Venema) http://archives.neohapsis.com/archives/postfix/2000-02/0398.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Data Enryption
Greg Donald a écrit : function encrypt( $string ) { $key = '[EMAIL PROTECTED]'; $result = ''; for( $i = 1; $i = strlen( $string ); $i++ ) { $char = substr( $string, $i - 1, 1 ); $keychar = substr( $key, ( $i % strlen( $key ) ) - 1, 1 ); $char = chr( ord( $char ) + ord( $keychar ) ); $result .= $char; } return $result; } This is roughly equivalent to an 'xor' 'encryption', trivial to break. Ex Read first few pages of 'Applied cryptography' of Bruce Schneier. Imagine someone feeding 'AA' to the encoder. By simply diffing hex codes with 'encoded' string, the key is recovered. By encoding a string made of char(0), the 'encoded' result is even... The key (ok, perhaps repeated a few times). As perhaps it's not obvious for beginners, note that it can only work with 7bits datas like ascii, not 8bits datas (latin1, ex french accentuated chars, etc). So you cant 'encode' binary datas with it. -- ord() + ord() is in [0-255] + [0-255], ie in [0-510], above 255. PS I found code shorter, easier to read and maintain by using a simple 0-based index, and by avoiding hard-coded values -- especially passwords, keys, etc ;-) Example of what I mean: function encrypt($str, $key) { $result = ''; for ($i = 0; $i strlen($str); $i++) { $char = $str{$i}; $keychar = $key{$i % strlen($key)}; $result .= chr(ord($char) + ord($keychar)); } return $result; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing all tr tag
Binoy AV a écrit : Hi, I have an html file containing a table. I applied eregi(TR.*/TR,$contents,$temp) through my Php.I am getting (...) The code removing only the first and last (/)tr. Expected behaviour : regex are 'greedy', ie the .* matches the longuest string possible How to do it using eregi ? Use preg_* functions (Perl regex are more powerfull and faster) ex (not tested) $temp = preg_replace('/tr(.*?)\\/tr/', '$1', $content); PS the '?' in '.*?' means previous modifier (*) is not greedy (Perl re syntax, man perlre) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] authentication problem...
Ali a écrit : if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW)) || ( $PHP_AUTH_USER != 'user' ) || ( $PHP_AUTH_PW != 'open' ) ) { Better use $_SERVER['PHP_AUTH_USER'] instead of $PHP_AUTH_USER and $_SERVER['PHP_AUTH_PW'] instead of $PHP_AUTH_PW. Chapter 33. HTTP authentication with PHP http://www.php.net/manual/en/features.http-auth.php Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compiling PHP Source guides
Donald Tyler wrote: I am looking for a guide on compiling PHP 4. I am a complete newbie to compiling and have no idea where to start, so any links to guides and/or other useful info would be much appreciated. PHP is a scripting language, no need to compile it. If you're really new, 2 links from the PHP home page A simple tutorial http://www.php.net/tut.php PHP Documentation http://www.php.net/docs.php If you mean compiling php itself (not a php script written in PHP), then go read the PHP manual: II. Installation and Configuration http://www.php.net/manual/en/install.php My reason is that I need MySQL 4 support, Just check the manual. MySQL functions can be used within PHP, with the mysql or mysqli extensions (see links below). Under Linux, it comes in packages like mysql-server, php4, php4-mysql, etc and you can simply install these packages. LXX. MySQL Functions http://www.php.net/manual/en/ref.mysql.php In PHP 5, MySQL is no longer enabled by default, nor is the MySQL library bundled with PHP. Read this FAQ http://www.php.net/manual/en/faq.databases.php#faq.databases.mysql.php5 for details on why. LXXI. Improved MySQL Extension, PHP Manual http://www.php.net/manual/en/ref.mysqli.php The mysqli extension allows you to access the functionality provided by MySQL 4.1 and above but I would like to get a general overview of compiling a program source in general. On Unix/Linux like systems, it's something like $ tar xzf soft-1.0.tar.gz $ cd soft-1.0 $ ./configure $ make $ su - (to become root, if it's your box) # make install Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] curl libraries on Debian Woody with apache 1.3.29.0.2-6 and php 4.3.4-4
symbulos partners wrote: We would like to know about security issues with curl, before installing it. hem, this is a PHP list. Perhaps you're talking about curl PHP extension? We are using Debian Woody (some few packages from Sarge), and apache 1.3.29.0.2-6 and php 4.3.4-4. For Debian security, check these Archives of mailing list debian-security-announce http://lists.debian.org/debian-security-announce/debian-security-announce-2004/threads.html http://www.debian.org/security/ http://www.debian.org/security/2004/ http://www.debian.org/security/2003/ etc Also non vuln packages on Woody (Debian 3.0) http://www.debian.org/security/nonvulns-woody Also non vuln packages on Sarge (Debian 3.1) http://www.debian.org/security/nonvulns-sarge If you're mixing Woody/stable with Sarge/testing or unstable, check this (also for security) http://backports.org/ Hope this helps, Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] curl libraries on Debian Woody with apache 1.3.29.0.2-6 and php 4.3.4-4
symbulos partners wrote: We would like to know about security issues with curl, before installing it. If you're talking about curl extension used from PHP scripts, read on. If bad guys can use curl PHP extension via some security hole in your scripts, this mean they can make HTTP requests (GET, POST) from your server. Same if you use the HTTP_Request Pear class, or (bad idea) if you use something like allow_url_fopen = true in your php.ini. Security issues generally comes from badly written PHP scripts (I mean scripts not written with security in mind from the beginning). But I know there are smart ppl knowing about security on this list, they will be able to tell you more than me ;-) Ex The PHP Security Workbook: http://shiflett.org/php-security.pdf Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Page that checks if a user exists on a remote system
Jonathan Duncan wrote: I will also be doing a remote command to add a user to the remote system (ServerB) from the same PHP script. If you want to manage a server via web interface, dont reinvent the wheel. Use webmin, by example. Webmin runs a mini webserver as root (on port 1), and uses modules for managing users, proftp, apache, etc Of course, I dont know what you want to do. Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php editor or php IDE for linux with autocompletion
M. Sokolewicz wrote: http://vim.sourceforge.net/tips/tip.php?tip_id=91 Thanks. It's a dictionary based completion. Is there some way to get completion for user-defined functions, variables etc, say in php files from/below current working directory? Perhaps based on ctags? Some editors do it (PHPed I think) is a HOW, can't find the dictionary file anymore, and don't have it locally either (I don't use auto-completion with PHP). But it shouldn't be too hard to make ;) Rasmus vim php dictionary from Google -- looks authoritative ;-) http://lerdorf.com/funclist.txt Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php editor or php IDE for linux with autocompletion
M. Sokolewicz wrote: I prefer vim, which does have auto-completion, as an add-on. Interesting. Where can this add-on be found? (google/vim.org/debian.org, I guess, but...) wouldn't call it an IDE... =/ Yes, but so usefull when edition html tags Ex ct to change to end of current tag Ex c/table to change text before 'table' And I really like '*' and '#' operators, that search current _word_ under cursor (seems emacs cant do that without defining a macro) Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] perl to php translation tool?
Markus Mayer wrote: I've searched for a tool that would translate, or at least mostly translate, perl scripts into php, unfortunately with no success. It's simply impossible. By example, a Perl script handling file uploads cant be translated automatically : php4 handles file uploads _before_ the php script gets executed (choosing tmp filename, filling $_FILES etc). AFAIK PHP can't do everything Perl can (ex download progress), so automatic translations are not possible unless very simple/specific cases. Some translation problems are - very different OO models - different handling of references - and, as suggested by Raditha, in Perl, TIMTOWTDI -- There Is More Than One Way To Do It Does anyone know of any tool that can handle this type of thing? /dev/brain :-) Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] bubble sort crashing apache
Josh Howe wrote: function that is crashing apache. Seems soo unlikely. What do you mean exactly by this? PHP doing infinte loop? private function sort() { Why not simply use the std sort function? Dont reinvent the wheel http://www.php.net/manual/en/function.sort.php if ($val2 $val1) return true; else return false; With bools, simply use return $val2 $val1; if ($this-order_dir == desc) { if ($val2 $val1) return true; else return false; } else { if ($val1 $val2) return true; else return false; } Can be simply written like this (I think it's more readable) return ($this-order_dir == desc) ? $val2 $val1 : $val1 $val2 Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DOS-textfile?
[EMAIL PROTECTED] wrote: is on a Linux-server, but when creating the textfile it is in Mac-mode. If you mean different end of line coding, I guess you mean dos = \r\n *nix = \n mac = \r can convert the textfile to DOS-textfile through TextPad (An editor) Good editors dont bother user with different kind of end-of-lines (even M$-wordpad do this). And they can convert between them (ex with vim :set fileformat=dos w to convert from linux to dos style) A better way (not interactively, within batch files etc) is to use a simple script to do this. Ex under Linux, install and use flip. Or write a simple php/perl/bash/python/whatever script to do this. I want the textfile to be in DOS-mode through the PHP-code. A simple way: use \r\n in your echo/printf statements. Another way : use \n everywhere, as allways. and just use preg_replace if you want to translate end-of-lines PS As dos/win uses ctrl-z (^Z, ascii 26) as end-of-file code -- unix, linux etc dont do such stupid things -- then be carefull to filter that char in generated txt files. (I had the pblm with a simple Perl script not using 'binmode') Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP AUTH in PHP5
Nunners wrote: I'm having some problems with using HTTP Auth in PHP5 IIRC, php 5.0 had a bug related to HTTP auth, corrected in php 5.0.1: [1] Fixed bug #29132 [http://bugs.php.net/29132] ($_SERVER[PHP_AUTH_USER] isn't defined). (Stefan) Note, I cant access bugs.php.net right now. If you use PHP 5, upgrade to PHP 5.0.2 (released 23-Sep-2004), which correct a (security) pblm related to GPC processing. Christophe [1] Changelog for 5.0.1 http://www.php.net/ChangeLog-5.php#5.0.1 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP-CGI: custom 404 error?
Jared wrote: foo.php, I get No input file specified. Instead of the standard 404 error. Is there a way to customize this? Easy with Apache [1,2], with en ErrorDocument [1] directive. Ex with this in a .htaccess (the FileInfo Override [3] is required) containing this line: ErrorDocument 404 /Lame_excuses/not_found.html I've read about it and the consensus is that you can't. Upgrade consensus :) Wouldn't it be easy to add a custom 404 error page via php.ini or something? Easy with Apache (.htaccess or httpd.conf). Ok, not via php.ini. Christophe [1] ErrorDocument directive http://httpd.apache.org/docs/mod/core.html#errordocument [2] Using XSSI and ErrorDocument to configure customized international server error responses http://httpd.apache.org/docs/misc/custom_errordocs.html [3] AllowOverride directive http://httpd.apache.org/docs/mod/core.html#allowoverride -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP (anti) crash policy?
Olaf van der Spek wrote: Are scripts allowed to cause a crash or fatal error of Apache/PHP itself? Oh yes, at least with php4 as an apache module :( On a Debian Woody server, php4 (4.1.2) sometimes crashes at logrotate time (with apache doing gracefull restart) with the following error, which makes Apache crash (then all its child after some time) PHP Fatal error: Unable to start session mm module in Unknown on line 0 I've googled to find a solution. There's a bug related to php dynamic loading, glibc and some crypto modules (a workaround is to enable the ssl apache module). But this didnt stop the php4 to crash (last time this morning, 'mon' warned me) I now use apache restart instead of apache reload, crossing my fingers. But perhaps I've got unusual config (ex perl script to split logs) My next try will be to split logs with perl code and a pipe. Btw if someone has detailed explanations or good workaround, I'll be glad to hear/read, even with gory details ;-) Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP (anti) crash policy?
Marek Kilimajer wrote: That is not a bug in a php script, but in the php engine itself. Indeed, and I found it very annoying. Maybe if you lower the logrotate script's priority? Process priority making php crash? I dont understand how. Ok, I become a little out of topic, but here's what my apache logrotate config looks like: /var/log/apache/*.log { prerotate /path/to/splitlogs.pl /path/to/access.log endscript missingok compress delaycompress sharedscripts postrotate /path/to/init.d/apache restart /dev/null endscript } Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Suggestion for IN()
Daniel Schierbeck wrote: return ($var $min $var $max) ? TRUE : FALSE; (...) return in_array($needle, $haystack) ? TRUE : FALSE; You can return booleans without comparing them to true/false: return $var $min $var $max; return in_array($needle, $haystack); Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Weird characters output
Wouter van Vliet wrote: characters are being replaced by weird characters. EG: the ' single quote is being replaced by a question mark First check you use iso-8859-1 (latin-1) as encoding everywhere, unless you really want to use unicode (utf-8 encoding): - in html pages generated from php meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 - as mysql default encoding (see mysql doc) - as apache default encoding for html pages served (see previous post) The single quote (') is probably not the standard ascii one, but the dumb Micro$oft 'smart quote', which uses a code defined in windows charset 1252, but not in Latin1 (iso-8859-1), ie in range \x80-\x9f (128-159). See [6] -- search for cp1252 Problem come from not respecting standards (latin-1 encoding), by example when a user fills a html form by cutpaste from M$-word :( To avoid this, all user supplied datas must be validated, by first removing/translating invalid chars. Solution is to convert invalid chars to valid ones. On a unix/linux/bsd box, perhaps man tr and info recode can help. Or the cp1252 to Unicode table [5], with interesting bits below (invalid latin1 chars). This can help you write conversion functions, like I did for cp1252 to utf8 html (unicode) in [6] with strtr. 0x800x20AC #EURO SIGN 0x81#UNDEFINED 0x820x201A #SINGLE LOW-9 QUOTATION MARK 0x830x0192 #LATIN SMALL LETTER F WITH HOOK 0x840x201E #DOUBLE LOW-9 QUOTATION MARK 0x850x2026 #HORIZONTAL ELLIPSIS 0x860x2020 #DAGGER 0x870x2021 #DOUBLE DAGGER 0x880x02C6 #MODIFIER LETTER CIRCUMFLEX ACCENT 0x890x2030 #PER MILLE SIGN 0x8A0x0160 #LATIN CAPITAL LETTER S WITH CARON 0x8B0x2039 #SINGLE LEFT-POINTING ANGLE QUOTATION MARK 0x8C0x0152 #LATIN CAPITAL LIGATURE OE 0x8D#UNDEFINED 0x8E0x017D #LATIN CAPITAL LETTER Z WITH CARON 0x8F#UNDEFINED 0x90#UNDEFINED 0x910x2018 #LEFT SINGLE QUOTATION MARK 0x920x2019 #RIGHT SINGLE QUOTATION MARK 0x930x201C #LEFT DOUBLE QUOTATION MARK 0x940x201D #RIGHT DOUBLE QUOTATION MARK 0x950x2022 #BULLET 0x960x2013 #EN DASH 0x970x2014 #EM DASH 0x980x02DC #SMALL TILDE 0x990x2122 #TRADE MARK SIGN 0x9A0x0161 #LATIN SMALL LETTER S WITH CARON 0x9B0x203A #SINGLE RIGHT-POINTING ANGLE QUOTATION MARK 0x9C0x0153 #LATIN SMALL LIGATURE OE 0x9D#UNDEFINED 0x9E0x017E #LATIN SMALL LETTER Z WITH CARON 0x9F0x0178 #LATIN CAPITAL LETTER Y WITH DIAERESIS Some references: Code Pages Supported by Windows [1] http://www.microsoft.com/globaldev/reference/wincp.mspx Microsoft Windows Codepage : 1252 (Latin I) [2] http://www.microsoft.com/globaldev/reference/sbcs/1252.htm Latin 1 (1252) [3] http://www.microsoft.com/typography/unicode/1252.htm Latin 1 (1252) Graphic representation [4] http://www.microsoft.com/typography/unicode/1252.gif cp1252 to Unicode table [5] ftp://ftp.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1252.TXT [6] strtr comments http://www.php.net/manual/en/function.strtr.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] perl regex in php and multiple escape rules
In a word: I'm looking for more detailed information about preg_replace (and other perl regex functions) than in the php manual, specifically about different escape rules interaction. In more words: PHP has it's own way of escaping strings [2] Ex \ within '' is '\' (or '\\' if at the end or before ' ) \ within is \ (or \\ if at the end or before ) So \\ can be written '\\\' or '' or \\\ or and \\\ can be written '\' or '\\' (same with ) (rule 1) Perl regex are powerfull and came with other escape rules [3] Ex regex to match... is ... \ /\\/ (newline) \n /\n/ (2 chars) \n /\\n/ (rule 2) My problem is about preg_replace function, because it's entry in the php manual [1] is not specific enough -- I mean, writing a real specification seems impossible without more details The 'pattern' argument is a string, but how does php proceed it? I guess it first uses rule1 then rule2, ie php string escape rule (for ' and \ ) then perl regex rule (via verbatim use in perlre C library?) This mean that to match \n (the 2 chars), the perl re is \\n so correct php pattern is '\\\n' or 'n' or \\\n or n. (see comment 29-Mar-2004 05:46 on [1]). Is this right? /me think using perl regex is easier in perl than in php ;-) Is it the same for the 'replacement' argument? Another comment (steven -a-t- acko dot net, 08-Feb-2004 12:45) says To make this easier, the data in a backreference with /e is run through addslashes() before being inserted in your replacement expression. Is that user right? Ok, I can try to guess answers to my questions by probing things. But that didnt tell me if my guesses are wrong, or if what I guess is exactly what php pcre functions are supposed to do (not only now with php x.y.z but in the future too). And I prefer specifications over guesses. (think about ppl using alt attribute instead of title on img html tags : they guessed wrong by not reading html spec) In other words, is there some details about escape rules in pcre php functions? I feel much better when I can use a stable, reliable and precise API. Christophe [1] preg_replace in php manual http://www.php.net/manual/en/function.preg-replace.php [2] strings in php manual http://www.php.net/manual/en/language.types.string.php [3] pcre syntax in php manual http://www.php.net/manual/en/reference.pcre.pattern.syntax.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem creating a date before 1970 on Fedora
Wouter van Vliet a écrit : Note: The valid range of a timestamp is typically from Fri, 13 Dec 1901 20:45:54 GMT to Tue, 19 Jan 2038 03:14:07 GMT. (These are the dates that correspond to the minimum and maximum values for a 32-bit signed integer.) To avoid unix timestamps limits, dont reinvent the wheel. The Pear Date class [1] can probably help you. Perhaps this should go in the manual for date() [2], as it looks like a FAQ. [1] pear Date http://pear.php.net/package/Date [2] php date() http://www.php.net/manual/en/function.date.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] POST superglobal is empty
Andy Loftus a écrit : Does anyone have any ideas as to why $_POST would be empty when submitting a form to php? I remember a post in this list about IE 6 not sending POST datas some times (when reloading an html form). If you use Mozilla or Firefox, the Livehttpheaders[1] extension can help seeing what html headers are sent/received So you can see if it's browser or server related. Perhaps there's a strange setting in php.ini. Add a 'phpinfo()' in your PHP code and search weird things (you can also see there if POST is empty) Hope it helps, Christophe [1] http://livehttpheaders.mozdev.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_SERVER[HTTP_REFERER]
Shaun a écrit : after lots of investigation it appears that it is just my laptop that won't disply the variable, maybe because I am using Norton Firewall? Possible. The REFERER HTTP field is OPTIONAL -- See http1.1 spec (rfc2616) or this list archives. So it's not a field anyone should rely upon. More and more software (firewall, proxies, privacy tools) just dont send it, or send it modified (same thing for the UserAgent field, which can even be modified on several browsers) reason, is there an alternative server variable? No. It can be empty or even (easily) faked. Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Web Mail
raditha dissanayake a écrit : IMAP being a general file access protocol, there are inherent security problems to be aware of. On some srv, you could easily get /etc/passwd by simply knowing a single user/password. Please explain how. [sorry to be off-topic on a php list but I'll answer anyway] Example: badly configured server, angry user john using mozilla and knowing a single login/password on the server (that login doesnt even have a valid shell, ex /bin/false) In mozilla, john creates an IMAP account, choosing '/etc' as directory folder, then 'subscribe' to it. That way, he got many folders locally, by example 'passwd'. In that folder, a single mail titled '/etc/passwd'... you can use SSL with IMAP too. We can use SSL with many things. But the client side can't always use it ([very] old mail clients by example). In a controlled environment (where one can force users to use mail client xyz), it's not a problem anyway. Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Web Mail
Marek Kilimajer a écrit : it's not the fault of the imap protocol. IMAP is a general file access protocol[1] (POP3 isnt) So IMAP is more dangerous, by its very nature. From a user perspective, this doesnt matters. But it's very different when you're administrator taking care of a site's security. I was simply pointing out the security implications of setting up an imap server. I wont discuss this further, being really off-topic. Christophe [1] RFC 3501 - INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1 http://www.faqs.org/rfcs/rfc3501.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Web Mail
raditha dissanayake a écrit : at the risk of starting a flame war: IMAP is the devine way of using email. POP3 sux. :-) IMAP being a general file access protocol, there are inherent security problems to be aware of. On some srv, you could easily get /etc/passwd by simply knowing a single user/password. And users with (really very) bad passwords are quite common. Ok, it's often configuration issues, but better to know it... Yes POP3 isnt the best one: 1. it's unsecure (clear text password) -- but can be improved (APOP, POP3+SSL etc) 2. not suitable for moving people, as all mail leaving the server's mail spool go the one client box hard disk, not two (synch issues) But has advantages too - simple and efficient - all webmail soft generally sucks (slow, folder management etc) - some security issues avoided with good mail client like mozilla (XSS, javascript stealing ident cookies, etc) - every mail client supports it (not same with IMAP or POP3+SSL) About webmail on a server I manage, I use these Perl ones (sorry, not PHP): 1. neomail (html not supported, so much more secure) 2. openwebmail (html supported) One disavantage : they run suid root... For PHP based webmail, there are many, from memory I can remember those quite well-known (YMMV) - squirrelmail - imp horde - ilohamail A simple google search leads many results. By example http://www.cgi-bin.com/PHP_Scripts/Email/index.html So, make an educated guess : check their capabilities (only the one you needs), their security history (just google for formmail.pl and formmail.php for scary stories), test some an choose the best one that suit your needs. Just my 2cents, Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recent numbers on PHP Market Penetration?
Bert Slagter a écrit : I'm looking for recent numbers of the PHP Market Penetration - if possible compared to ASP/JSP. The netcraft survey only shows apache vs. IIS, can't find anything about PHP there. It seems you didnt search Google very long. Simple google searches like number of sites running php site:netcraft.com lead to results on netcraft.com, by example a php vs coldfusion vs jsp page [1] found via link on the 2003/08 netcraft survey [2] but netcraft now wants money to access some informations, by example a $1800 subscription seen on their ssl survey page[3] Google leads me to Zend.com, who thinks (February 18, 2002) the number of web sites running PHP now exceeding 7 million [4] But other sources provide more recent figures [5,6] Finding more information is left as exercice ;-) Christophe [1] PHP growing surprisingly strongly on Windows http://news.netcraft.com/archives/2003/08/30/php_growing_surprisingly_strongly_on_windows.html [2] netcraft survey 2003/08 http://news.netcraft.com/archives/2003/08/ [3] Netcraft SSL Survey http://news.netcraft.com/archives/2003/04/09/netcraft_ssl_survey.html [4] Zend Unveils New Face of PHP Encoding http://www.zend.com/news/zendpr.php?id=47 [5] Usage Stats for June 2004 http://www.php.net/usage.php [6] Apache Module Report (July 1st, 2004) http://www.securityspace.com/s_survey/data/man.200406/apachemods.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RewriteUrl + open_basedir
Markus Post a écrit : DocumentRoot /srv/www RewriteRule ^/(.*)/(.*)$/$1/$2 This redirects the request http://domain.de/dir1/dir2 to the local files /srv/www/dir1/dir2/ and works fine. No RewriteRule necessary to do this: '/dir1/dir2' becomes '/dir1/dir2' btw RewriteRule ^/([^/]+)/(.*)$ /$1/$2 is little better coz '.' can match '/' and /d1/d2/d3 is then no more ambiguous See http://httpd.apache.org/docs/mod/mod_rewrite.html and http://httpd.apache.org/docs/misc/rewriteguide.html php_admin_value open_basedir /srv/www/$1, but it doesn´t work. open_basedir can use multiple (: or ; separated) dirs if you want See http://www.php.net/features.safe-mode Perhaps you meant something like this: NameVirtualHost 1.2.3.4 NameVirtualHost 5.6.7.8 VirtualHost 1.2.3.4 ServerName site1.com DocumentRoot /var/www/site1 php_admin_value open_basedir /var/www/site1 /VirtualHost VirtualHost 5.6.7.8 ServerName site2.com DocumentRoot /var/www/site2 php_admin_value open_basedir /var/www/site1 /VirtualHost Or perhaps you want something more sophisticated, like Dynamically configured mass virtual hosting http://httpd.apache.org/docs/vhosts/mass.html Hope it helps Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Newbie Guide] For the benefit of new members
Ma Siva Kumar a écrit : For example: One of the repeatedly discussed question in the list is Best PHP editor. (...) try this link : http://phpeditors.linuxbackup.co.uk/ (contributed by Christophe Chisogne). The link has now moved (http redirect) http://www.thelinuxconsultancy.co.uk/phpeditors/ Could you update the url in newbie guide? ps 111 editors are listed there. Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bogus headers returned by firewalls
Pablo Gosse a écrit : munging up the HTTP_REFERER for a page? In HTTP, Referer is an OPTIONAL field in the HTTP/1.1 spec (see rfc 2616). I saw many strange referers (like 'Empty', 'bookmarks' 'XXX++', 'Removed by YYY', etc) sent or modified by security assistants, browsers, spiders... You can throw away many referers because of this (perhaps 20%) Some user agent (ex browsers) are broken and send bad referers (some mozilla, some browsers on Mac did this, from my memory). Relying on the referer is not the best solution - can be faked (using scripts, not std browser, well, ok) - referer is not mandatory and not reliable - pblm will only rise (privacy concerns is main reason, thousands of companies use systems 'cleaning' the referers) Hope this helps Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to make sure a redirect works
Vincent Jansen wrote: If you output a location header then I don't know what the browser will do with text sent after that. Hopefully nothing! Be carefull to exit() php code after header-location (and some text, see below): otherwise code following will be executed! It's a common error. I experienced some strange behaviour(=no redirect at all!!) with a script that send data after the location header. header(Location: http://somesite.nl;); die(); To make things work, just follow the HTTP/1.1 spec[1]: PHP just sends a 302 Found code in the http header when using PHP header(Location: ...). It's a 'temporary' redirect (browser should continue to use previous url), as opposed to a 'permanent' redirect (http code 301). Text sent after that fills the body of the http request (ex GET), and it shoud contain a short hypertext note with a hyperlink to the new URI(s). (unless request is HEAD) [2]. Also note that the location url must be absolute, not relative [3]. So use 1. header(Location: $url); // $url must be absolute 2. echo ...a href='$url'.../a...; // send body of request 3. exit() or die(); // to avoid executing of code following Forgetting 1 is common error: not all browser will 'redirect' then, but most modern browsers do, helping uncompliant applications. Forgetting 2 makes impossible to see the redirected page with old browsers (they only display the body of 30x request, allowing user to manually follow it.. I vaguely remember netscape 2 or 3). Forgetting 3 causes bugs, sometimes hard to find. Note that things can be different with POST requests. If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. [4] The curious about redirects will read 302 and 301 codes, but also 303 and 307 (only since http/1.1) [1] http/1.1 RFC (w3c html version) http://www.w3.org/Protocols/rfc2616/rfc2616.html [2] 302 http code http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.3 [3] Location http header http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30 Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ASCII
csko wrote: Is there a function to convert a ASCII char to decimal or binary? See php functions - ord chr - decbin, bindec, dechex, etc or simply traditionnal C way (printf family) to format and convert at the same time (ex get '0A' and not 'a' for char with decimal code 10) $char= '\n'; echo sprintf(%02X, $char); Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is there a PHP Style Sheet Switcher that doesn't reload
Adam Bregenzer wrote: You have to use javascript or some other client side language to change anything on a page once it is loaded in the browser. Perhaps with a minor exception: with mozilla, you can select a stylesheet to apply (menu view / use style). From the CSS 1 spec [1]: The 'LINK' element references alternative style sheets that the reader can select, while imported style sheets are automatically merged with the rest of the style sheet. So a possibility without js could be to include several style sheets and let the client choose. Never tried this, just for information. [1] http://www.w3.org/TR/CSS1#basic-concepts Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] critical case, please read and comment !!
Nabil wrote: for ($i=0 ; $iNUM OF RECORDS ; $i++) { send_rec( $var1 , $var2 , $var3 ); } with n records you send n http GET requets, which take a long time, using bandwith, and needs n executions of php script on webserver2. Why not simply creating a csv file on the fly, with all your 3fields data, and send it to the php script on the other webserver? You can do it via the POST method of HTTP, like the way it's done with an HTML form containing a type=file input tag. You just need a web client written in PHP (equivalent of Perl's LWP, libwww-perl). I think curl can do it. Just my 2 eurocents ;-) Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is there a way to protect PHP's $_POST, $_GET when user tamper with post string in URL toolbox???
Chris Hayes wrote: It takes a lot more of users to tamper with POST data than with GET Not a lot more. Simply save the slightly modified form on a webserver you have access to (hidden field) -- or better create php code that generate the form OK, aunt Annie cant do that, but she wouldnt ever thougt about tampering with html forms ;-) check whether the referer is from your own site, that will also make it a lot harder. Be carefull, the refer(r)er is _not_ something reliable at all (I consider you can throw away many --20%?-- of them). 1. It can be faked (a little more difficult than simply creating custom html and using a std browser). 2. This can disallow clients from accessing your site. Because of some firewall, anonymiser, adaware-like tools, etc that remove the referer field, by example. More and more people do this to protect their privacy or for security reasons. I think this will become default behaviour in years to come. NB The referer is an OPTIONAL http field (see rfc2616) 3. It denies direct access to the page via bookmarks or typed-in uris (no referer generally sent in these cases) As many said, just dont rely on unchecked input data: check it with a 'white list' (use regex by example). See more info on the security chapter of php manual [1] and in the well-known www security FAQ [2] [1] PHP: Security - Manual http://www.php.net/manual/en/security.index.php [2] The World Wide Web Security FAQ by Lincoln D. Stein John N. Stewart http://www.w3.org/Security/Faq/www-security-faq.html Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Verifying a url
Kelly Hallman wrote: $is_secure = ($_SERVER['SERVER_PORT']==443) ? true : false ; which can be written more simply $is_secure = $_SERVER['SERVER_PORT']==443; Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Extracting Source code from Binary Files(.dll,.exe.,class)
Prashant Akerkar wrote: Is it Possible to extract the source code from .exe, ... .class(java) files. [ I think you're way off-topic but... ] Nope. But you can try to decompile binaries or java class files. Try googling for decompilation tools Note that decompiling softs can be prohibited by law enforcements (not in Europe for interoperability reasons, but well in the US). Result from decompilation is not source code of course, can be made very difficult, and result is very different from src code. In particular case of java class files, decompilation can lead to really good results (with bad-looking variable names tough) Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] preg_replace ^M
Torsten Rosenberger wrote: ^M carachters in in Classical pblm of representing end of line in text files between OS: windows uses \r\n aka CRNL *nixuses \n aka NL (newline) mac uses \r aka CR (carriage return) Good text editors dont care (win: wordpad, not notepad) and can convert while reading/writing (emacs, vim, etc). --not sur for mac way. Use hex editor to know for sure what is 'the' newline char. \r is 0D in hex \n is 0A in hex $ hexdump -C file.txt | head -20 In your case, the src file contains \r\n or the file is written in text mode on a windows server, most probably. $fp = fopen (draft.html, r); $incont = fread ($fp,filesize(draft.html)); (...) $fp = fopen (out.html,w); fputs ($fp, $content); the out put get ugly ^M With files _in_text_mode_ (see flags of fopen), the \n char in PHP is virtual : following OS, PHP version, it can be written as \r, \r\n or \n. Either use non portable t flag on windows to make transparent \r\n -- \n translations, or better always use files in _binary_ mode and choose yourself your eol char (\n is simpler). The latter will improve portability. See php official doc http://www.php.net/manual/en/function.fopen.php FYI: Perl also use a 'virtual' \n char, and that can cause problems. Most of Internet protocols use \r\n as line separators, and sending only \n is asking for trouble soon or later... See perlport(1) Specific info for vim: :help dos-file-formats vim -b file.txt (read in binary mode, eol is always \n) :set ff=dos (read any, write \r\n) :set ff=unix (read dos, write \n) Not using emacs often enough to provide same info. Someone here ? It also does right things automatically, but dont know shortcuts or functions to alter that correct behavirou ;-) Hope it helps, Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setlocale Q
jsWalter wrote: setlocale(LC_TIME, de_GR); gives me 'October'? setlocale(LC_TIME, de); gives me 'October'? setlocale(LC_TIME, d); gives me 'oktober'? I'm on a Win 2k box. Because locales are really system dependant, as you could clearly see using gettext translations. (I did fight with it ;) Win boxes (like yours) uses (M$) non standard locale names like English_United_States, French_Belgian, German_Standard, etc http://www.microsoft.com/globaldev/reference/win2k/setup/localsupport.mspx For Unix boxes, better use fr_BE, fr_FR (better avoid fr). Aliases like french can work, depending of local config. Syntax is simply lang_code_lower_country_code_UPPER where lang_code is the 2-letter std (iso639-2) http://www.loc.gov/standards/iso639-2/langcodes.html and country_code is the 2-letter std (iso3166) http://www.iso.ch/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/index.html If lucky, you can hope some common names are used, generally french, german, dutch. But if you use gettext translations, the path used to fetch translations will differ (./locale/fr_BE/LC_MESSAGES/domain.mo for Unix boxes, ./locale/french/LC_MESSAGES/domain.mo for Win boxes). Seems there's no easy way other than copy the translations, if you're code is supposed to run across platforms :( PS Perhaps you can try the more specific php-i18n list. Cheers, Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Newbie Guide] For the benefit of new members
[EMAIL PROTECTED] wrote: Please feel free to add more points and send to the list. 2 ideas come to my mind. 1. Add a link to the PHP FAQ in newbie guide item 1 http://www.php.net/manual/faq.php Yes, it's part of the manual, but a frequent answer is Read the FAQ or less polite ones ;-) A FAQ link seems appropriate to me 2. Add some hints with FFAQ like which PHP editor: To get rid of the 'which PHP editor' question, why not add the link [1] submited by Nico Berg (October 03, 2003 12:38), as suggested by Christ W. Parker (oct 03 2003 20:38)? It lists many (107) editors, and allow users comments: Perhaps with a comment like the best editor is yours, or something like that [1] PHP Editors by Keith Edmunds, [EMAIL PROTECTED] http://phpeditors.linuxbackup.co.uk/ Strangely enough, I didnt see the editor question in the PHP FAQ -- perhaps I did look too rapidly... [OT] Sometime I dream of a 2-level FAQ, a first short one, a FFAQ, which refers to a second std one, a FAQ... Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OT(?): mod_rewrite not passing GET variables to php
Steven Jarvis wrote: RewriteEngine On RewriteRule ^/([a-z]+)/([a-z]+)/$ paper.php?paper=$1section=$2 [L] Try this (I'm no mod_rewrite expert, so no promises): RewriteEngine On RewriteRule /^([a-z]+)\/([a-z]+)$/ paper.php?paper=$1section=$2 [L] The first try seemed better (in Apache config, '/' means '/' and not 'begin or end of a regex'. But shouldnt be the rewritten url be absolute? Just try this and let us know if its better RewriteEngine On RewriteRule ^/([a-z]+)/([a-z]+)/$ http://myhost.com/path_to_my_dir/paper.php?paper=$1section=$2 [L] Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] gettext: changed .mo file, caching issue
daniel hahler wrote: This works good, but if the .mo file gets changed the old content is returned by calls to gettext, until I restart Apache. gettext uses a caching method to speed up looking translation strings, which explain why Apache must be reloaded [1] Setting all LANG, LANGUAGE and LC_ALL _seems_ mandatory to avoid problems with some servers (I saw this with win2000 and linux). That's really poorly documented in [2], like the path used to find the .mo files Ex for french: wich of fr/ fr_BE/, fr_FR/, french/ ? Answer depend on OS (win/unix), server (locale config, env vars, ...) and I dont know what (sometimes uses fr when fr_BE dont exist)... Perhaps you can try php-i18n mailing list, which is really low traffic. [1] GNU gettext info manual GNU `gettext' caches previous translation results. When the same translation is requested twice, with no new message catalogs being loaded in between, `gettext' will, the second time, find the result through a single cache lookup. [2] PHP Manual http://www.php.net/manual/en/function.gettext.php Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] gettext: changed .mo file, caching issue
About performance issues surrounding i18n, is gettext better than storing strings in a RDBMS ? Can someone argue in favour or again opinion that say the RDBMS way is faster ? [1] [1] Re: [Phpgroupware-users] I18N: why not gettext?! http://mail.gnu.org/archive/html/phpgroupware-users/2003-04/msg00209.html Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Netcraft
Robert Cummings wrote: can use a PHP script that opens a socket connection on port 80 to get For these interactive things, Perl seems much more appropriate for me. Using libwww aka LWP for the web client (LWP::UserAgent or LWP::RobotUA) Using DBI for access to a DB to store/retreive results. I'm doing this to check if (tens of) webservers are up (with HEAD /) It's often best to rely on a lib to follow 301/302 http redirects automatically rather than doing it by hand. BTW dont rely on DNS timeout for any erroneous or non existant .com/.net domains, since Verisign now redirects everything in their DNS to their IP 64.94.110.11, soon flooding us with advertising things :-( telnet www.interjinn.com 80 That will give you the OS, web server, and any PHP information. But keep in mind that it's based on the Server: HTTP header: 1. Some webservers didnt send any Server: header 2. Some send short names (ex only Apache) 3. Some send fake names, for security reasons That method is not reliable, as you can see. Other methods exist to check OS (fingerprinting) etc. But it remain quite complex. (round-robin DNS, load balancing, caching servers, firewalls...) Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Netcraft
In the Unix world with PHP, you can do OS fingerprinting by calling a system tool such as nmap (option: -O), but this require root privileges, and is not always perceived as well-behaviour by sysadmins. Or you can do everything you want with PHP sockets. I guess Netcraft use OS fingerprinting tool like nmap above their 'HEAD /' http requests. And ok, I wont post Perl things anymore ;-) Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Shell doesn't run on a system
And while we're at it, has anyone written a tool that will tell you what's different between server setups? I use diff on unix. You may like tkdiff, with its additional GUI to diff Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bypassing the 'open or save' dialog when outputting a docum ent
Curt Zirzow wrote: a dialog that asks whether to open or save the document. Nope, unfortunately you don't have that power, and for good reasons. I agree, a browser should NOT open document (dangerous macros?) without asking. I remember Microsoft created a patch for IE (around version 5.5) to force this behaviour. Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: socket connect and response time
Simon Wistow [EMAIL PROTECTED] writes: Is there an easy way to get the time taken to connect and the time taken to respond to an HTTP request or am I going to have to go in and hack around? Be careful, there are problems with timeouts, which dont work natively (you can get 20sec timeout or more when requesting 3sec) LWP::UserAgent uses IO::Socket::INET and 1. with LWP 5.69, Perl 5.8.0, Linux 2.4.18 the timeout handling code is put in comment you can define your own signal handling around the calls to LWP (sigaction prefered) 2. with LWP 5.43, Perl 5.005_03, Linux 2.2.16 the timeout handling code is not in comment but doesnt work for me (block in dns lookup, SIGINT I think) But with Verisign rerouting all inexistant .com/.net domains, the timeout will dramatically decrease for these :-( Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [Newbie Guide] RTFM, STFW, and STFA
Wouter van Vliet wrote: So, since I'm not quite a newbie I did not read all the guides .. RTFM (Read The F*ck!ng Manual) and STFW (Search The [EMAIL PROTECTED] Web) I already knew, but what does STFA stand for ;).. In a word : s/STFA/STFAQ/ From ESR's Jargon File v4.4.4 (some hacker culture, yes) See links for more precise definitions... RTFM Read The Fucking Manual http://catb.org/~esr/jargon/html/R/RTFM.html RTM, Read The Manual http://catb.org/~esr/jargon/html/R/RTM.html STFW Search The Fucking Web http://catb.org/~esr/jargon/html/S/STFW.html GIYF Google Is Your Friend http://catb.org/~esr/jargon/html/G/GIYF.html RTFAQ, Read the FAQ! http://catb.org/~esr/jargon/html/R/RTFAQ.html RTFS, Read The Fucking Source or Read The Fucking Standard http://catb.org/~esr/jargon/html/R/RTFS.html RTS, Read The Screen http://catb.org/~esr/jargon/html/R/RTS.html Perhaps we could add this link to the Newbie Guide ( found this in archives and with s/tuxedo/catb/ ) How To Ask Questions The Smart Way, by Eric Steven Raymond http://www.catb.org/~esr/faqs/smart-questions.html Yes, I like authoritative answers ;-) Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SQL not returning entire field
Christopher J. Crane wrote: returning only like some of the data in the field. What I am getting back only 255 chars or so... Perhaps a varchar(255) field which should be something like text (MySQL) ? -- Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session_start() corrupt HTML output with IE
hecchan wrote: Using IE 6 (XP) i can't see the source generated for PHP even the page works properly (It doesn't happend with Mozilla or Opera). The View source in IE 5 and 6 is buggy : it doesnt work as soon as there are too many files in the Temp Internetfiles folder. sic. Solution is of course emptying IE cache... or switching to mozilla ;-) See M$ Knowledge base article Q306907 -- Christophe Chisogne Developper, Publicityweb sprl http://www.publicityweb.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: gettext i18n
Catalin Trifu wrote: Try: putenv(LANG=de_DE) . 'br'; putenv(LC_ALL=de_DE) . 'br'; setlocale(LC_ALL, de_DE, german) . 'br'; I would have done this: putenv(LANG=de_DE); putenv(LANGUAGE=de_DE); // better to be paranoid, works for me ;-) putenv(LC_ALL=de_DE); setlocale(LC_ALL, de_DE, german); (see some user comments in php manual) Then you can try to reload the apache webserver (because of the gettext cache, which could hide modifications). /etc/init.d/apache reload on a Debian GNU/Linux system. /etc/rc.d/httpd reload on RedHat likes Perhaps check german locales are correctly installed on the *nix server. (php uses the setlocale() system call). Yes, locales are system specific. It should be better documented in the php manual :( btw! on win32 it works :( I solved it the stupid way, because locale names are different on *nix and windows (ex: fr_BE vs French_Belgium). On my test systems, some aliases were common (french, dutch, german) but the path where php looks for the mo file was different (ex fr_BE vs french, de_DE vs german). So I simply copied the /de_DE dir to /german and so on. (for french, I had fr/, fr_BE/ and french/ as dir for it to work on 2 linux servers and 1 test NT server :( Hope it helps, -- Christophe Chisogne Developper, Publicityweb sprl http://www.publicityweb.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP]: CSV export
Kai Poppe wrote: I'm trying to export database entries to a CSV file for Excel. Everything's working perfectly except that blob (long-text) fields that contain line-breaks are being exported to different lines within the CSV. With excel CSV: - \n is a record separator - ; is the field separator (CSV = _Comma_ Separated Values ?!) - is used to enclose special chars in fields like ' ' and \n - is used in fields containing to replace it In a word, you just include the \n within surrounding quotes. See http://www.creativyst.com/Doc/Articles/CSV/CSV01.htm Hope it helps, but the CSV format isn't really a standard (ex MySQL use escapes seq like \ for included in fields) -- Christophe Chisogne Developper, Publicityweb sprl http://www.publicityweb.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem occurs when included file includes anther file.
nc01.php from demo.php: ok in root/./inc01.php Indeed, the PHP doc should be updated on that point. I do agree with you, after struggling a while for the same kind of problem :-) But I've got all explanations below. Nicholas Robinson wrote: The directory structure is as follows: |-- demo.php |-- inc/ |-- inc1.php |-- inc2.php === file demo.php == require 'inc/inc1.php'; === file inc/inc1.php == require 'inc2.php'; == file inc/inc2.php == this is a test The above inc/inc1.php is ok for testing.And this would be ok too: ?php //file inc/inc1.php require 'inc/inc2.php'; ? Problem occurs when the code is like this ?php //file inc/inc1.php require './inc2.php'; ? Fatal error: main(): Failed opening required './inc2.php' (include_path='.:/usr/local/lib/php') Your code is not correct, in PHP before 4.1 at least. The include path is always the one of the (initial) script. It's / in your case. You must use require inc/inc2.php even in inc1.php because the search path in inc1.php (used by require inc/inc2.php) is '/' (initial script) and not '/inc'. NB this behaviour changed after 4.1. Now, the search path is first the (initial) script, and _if_not_found_there, the path of the including (parent, included) script. So your code will somewhat works after PHP 4.1 (unless an included file has the same name in the including script), but it can't work before PHP4.1. The best option seems to always use the old convention, to avoid confusion (and clash in file names, which could be a difficult to find bug). It seems that there's noxplanation about this in php manual.Could someone give some? Yes, but I think it's really well hidden (in doc users comments) Look at the comment of ivo at i7 dot nl on 26-Nov-2002 08:56 in http://www.php.net/manual/en/function.include.php Btw,I am using redhat 7.2 / Apache 2.0.47 / PHP 4.3.3RC1 I guess your code works on that particular server and not on another one ? I had the same surprise that you have, so I do always this now. 1. Use old convention (require './include/inc01.php') even in included files 2. Use '.' in front of path as show above, just in case (bad php.ini) In fact there is a more subtle pblm left. The old semantic means the 'require' in an included file depend on the 'require' of the including file! Here under an example to better understand. It happens when you have a subdir (say admin) which contain php libraries used in that subdir and in the parent dir (can be often) I suppose an 'old' PHP (before 4.1) as some of the ones I use. Path: root/demo.php root/inc/inc01.php root/admin/demoadm.php root/admin/inc/lib01.php root/admin/inc/lib02.php Includes: lib01.php incl lib02.php : require './inc/lib02.php' demoadm.php incl lib01.php: require './inc/lib01.php' demo.php incl inc01.php: require './inc/inc01.php' Ok until now for demo.php and demoadm.php, but add this include: inc01.php incl lib01.php: require './admin/inc/lib01.php' Code is broken in demo.php but not for demoadm.php When calling demoadm.php, search path is root/admin, includes: ./inc/lib01.php from demoadm.php: ok in root/admin/./inc/lib01.php ./inc/lib02.php from lib01.php: ok in root/admin/./inc/lib02.php when calling demo.php, search path is root/ includes: ./inc01.php from demo.php: ok in root/./inc01.php ./admin/inc/lib01.php from inc01.php: ok in root/./admin/inc/lib01.php ./inc/lib02.php from lib01.php: KO in root/./inc/lib02.php Pblm is in lib01.php: - called from demoadm, we need './inc/lib02.php' - called from demo, we need './admin/inc/lib02.php' I guess that's the reason of the change in include/require semantics. But it can be resolved simply. Here's my solution 1. create root/admin/inc/admconfig.php (all cfg vars for root/admin/) 2. in admconfig.php, set admindir var: $admindir= './' 3. create root/inc/config.php (all cfg vars for root/) 4. in config.php, set admindir var: $admindir= './admin/' 5. in 'lib01-type' files, use require $admindir . './inc/lib02.php' 6. of course, include admconfig.php in all root/admin/ php files and config.php in all root/ php files Another solutions left as exercice, as well as asking PHP guys to update the doc for includes ;-) -- Christophe Chisogne Developper, Publicityweb sprl http://www.publicityweb.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] shell_exec
Rodney Green wrote: My web server runs as the user 'apache.' (...) the script successfully from the command line as root but when I run it in the browser the shell script executes but fails. (...) I've set the permissions of the script to be executable for anyone. Shell side: - must be readable and executable by user (apache or perhaps everyone) - suid bit work only for programs, not scripts I think - shell can only execute cmds for which it's effective user has sufficient permissions Try this (as root on webserver), if you can login as apache. If you can't login as apache, log as a normal user (not root) # su - apache $ cd /path/to/script $ ./myscript.sh You will probably see errors here. If not, it probably is a safemode restriction. See http://www.php.net/manual/en/features.safe-mode.php#ini.safe-mode and set the safe_mode_* variables in php.ini or in a .htaccess, in particular safe_mode_exec_dir ... Hope it helps -- Christophe Chisogne http://www.publicityweb.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Making i18n work on all Unix webservers ?
With the following code to translate messages in french, we need to put the mo files in a directory like ./local/xxx/LC_MESSAGE/messages.{mo,po} putenv(LANGUAGE=french); setlocale(LC_ALL, 'fr_BE'); bindtextdomain(messages, ./local); textdomain(messages); echo 'br' . _(Yes); On one linux webserver, xxx must be 'fr' (and LANGUAGE set). On another linux webserver, xxx must be 'french' (no var to set). How can I guess which xxx to use, for my code to work on any webserver ? Other solution than using 3 or more directories like 'fr', 'french', 'fr_BE', and copying it? In fact, I'd like to make it work on windows servers too... And how can I guess which env var to set (or not) and in which order (LC_ALL, LANG, LANGUAGE, ...) ? Is there a way to do it for the code to work nearly everywhere ? I'll use a class to hide that complexity. Can someone help ? The PHP documentation is far from beeing clear and precise enough in that particular field. --- Christophe Chisogne Developper, Publicityweb sprl http://www.publicityweb.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Making i18n work on all Unix webservers ?
Tom Rogers wrote: CC ./local/xxx/LC_MESSAGE/messages.{mo,po} CC setlocale(LC_ALL, 'fr_BE'); CC bindtextdomain(messages, ./local); CC textdomain(messages); CC How can I guess which xxx to use, for my code to work on CC any webserver ? Try using $dir_name = setlocale(LC_MESSAGES); After setup and that should return the string that gettext will use to locate its files. Thanks. But it looks like it's more complicated. setlocale(LC_MESSAGES,'0') returns fr_BE, but it seems PHP looks in ./local/fr, not in ./local/fr_BE when searching the catalog files, at least on one webserver. (using PHP 4.1.2, the other PHP 4.2.3). I guess there is some kind of search path to locate the catalog files, with some preference order. Too bad the i18n PHP thing isn't more predictable :-/ Of course, I restarted the webserver (apache reload) between tests, to avoid problems with the gettext cache. I think I'll simply copy ./locale/french to fr, fr_BE, fr_FR And something similar for dutch and german. But I thought there was some better and cleaner way to do it, in a more manageable way. -- Christophe Chisogne http://www.publicityweb.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php